App designed to protect your privacy has been discovered snooping

Mozilla Firefox users have had their online history tracked by an app that was designed to protect privacy.

The popular Web Security app, which has been installed by 222,746 Firefox users, was caught snooping on the websites users visited.

It was doing so by recording each page a user clicked on in the browser and then forwarding this information to a specific address on the internet where it was stored.

This is despite its claim to be actively protecting users ‘from malware, tampered websites or phishing sites that aim to steal your personal data.’

Last week the add-on was even recommended on the official Firefox blog.

Just last month another popular plug-in for Google Chrome and Mozilla Firefox was also found to be recording what users did online.


The reports were made by Raymond Hill, the author of uBlock Origin, and Mike Kuketz, a German privacy and security blogger.

‘With this extension, I see that for every page you load in your browser, there is a POST to http://136.243.163.73/’, Mr Hill wrote on Reddit last week.

‘The posted data is garbled, maybe someone will have the time to investigate further.’

Just days later, Mr Kuketz posted about the same behaviour.

Someone visiting his forum then decoded the data and revealed that the add-on was sending the URL to a German server.

The data showed the plug-in was tracking individual users as well as their browsing patterns.
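
The pattern reported above, one POST to the same address for every page load, is something defenders can look for in web-proxy logs. The following Python is an added example, not code from the reports or from the add-on; the log format, thresholds, host names and addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample log, not captured traffic. Assumed format per line:
# epoch_seconds client method host path fetch_dest (from Sec-Fetch-Dest)
SAMPLE_LOG = """\
1000 10.0.0.5 GET news.example /world document
1000 10.0.0.5 GET cdn.example /app.js script
1001 10.0.0.5 POST 192.0.2.10 / empty
1030 10.0.0.5 GET shop.example /cart document
1031 10.0.0.5 POST 192.0.2.10 / empty
1032 10.0.0.5 POST shop.example /api/cart empty
1090 10.0.0.5 GET mail.example /inbox document
1090 10.0.0.5 POST 192.0.2.10 / empty
1150 10.0.0.5 GET wiki.example /Firefox document
1151 10.0.0.5 POST 192.0.2.10 / empty
"""

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def pageview_beacons(log, window=3, min_pages=3, min_coverage=0.9):
    """Return hosts that receive a POST right after nearly every page load."""
    navs = defaultdict(list)   # client -> [(time, site)] of top-level loads
    posts = defaultdict(list)  # (client, host) -> [time] of POSTs
    for line in filter(None, log.splitlines()):
        ts, client, method, host, _path, dest = line.split()
        if method == "GET" and dest == "document":
            navs[client].append((int(ts), host))
        elif method == "POST":
            posts[(client, host)].append(int(ts))
    findings = []
    for (client, host), times in posts.items():
        # Ignore a site's own first-party POSTs; count loads of other sites.
        pages = [t for t, site in navs[client] if site != host]
        if len(pages) < min_pages:
            continue
        hits = sum(any(t <= p <= t + window for p in times) for t in pages)
        coverage = hits / len(pages)
        if coverage >= min_coverage:
            findings.append({"client": client, "host": host, "pages": len(pages),
                             "coverage": coverage, "ip_literal": is_ip_literal(host)})
    return findings

if __name__ == "__main__":
    for finding in pageview_beacons(SAMPLE_LOG):
        print(finding)
```

A destination that is hit after every page load across unrelated sites, especially a bare IP address, is worth tracing back to the browser extension that generates it.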

In a statement to Bleeping Computer, a spokesperson for Creative Software Solutions, which created the add-on, said: ‘The addon Web Security is, as the name says, a security addon that protects the user from abusive websites to protect their data and privacy.

‘We do not want sites to track and steal the users data or browsing history. 

‘One of the security aspects includes checking the requested site against a global blacklist, thus the communication between the client and our servers is unavoidable, while we keep it to an absolute minimum and do not log this communication.’

The spokesperson also said that the add-on had been processed by Mozilla’s verification staff.

The add-on has not currently been removed from the Mozilla add-on portal.

MailOnline has contacted Mozilla and Creative Software Solutions for comment.  


Just last month it was revealed that another popular plug-in for Google Chrome and Mozilla Firefox was recording everything users did online.

The software, which is designed to allow users to customise how webpages appear inside web browsers, has been hijacked by spyware.

The extension, which has more than 1.8 million users worldwide, may have been recording the browsing history of everyone who uses it.

Worse still, this browsing data could be linked to details that make users identifiable in the real world, making them vulnerable to hackers and blackmailers.

The plug-in has since been removed from both Google Chrome and Mozilla Firefox’s respective official stores.


The finding was made by Robert Heaton, a software engineer from San Francisco, who discovered the software, dubbed Stylish, had been recording browser history since January 2017, when it was bought by new owners SimilarWeb.

Writing on his blog, Mr Heaton said: ‘It only takes one tracking request containing one session cookie to permanently associate a user account with a Stylish tracking identifier.

‘This means that Stylish and SimilarWeb still have all the data they need to connect a real-world identity to a browsing history, should they or a hacker choose to.’

Stylish sends complete browsing activity back to its servers, together with a unique identifier, he claims.

That includes actual Google search results from your browser window.


This allows its new owner, SimilarWeb, to connect an individual with all of their online activity.

Those who have created a Stylish account on userstyles.org will have a unique identifier that can easily be linked to a login cookie and text files intended to help users access a website faster and more efficiently.

This means that not only does SimilarWeb own a copy of each user’s complete browsing history, it also owns enough other data to theoretically tie these histories to email addresses and real-world identities.

HOW CAN YOU PROTECT YOUR INFORMATION ONLINE?

Because hackers are becoming more creative, security experts are warning that consumers need to take all possible measures to protect their identities.

  1. Make your authentication process two-pronged whenever possible. You should choose this option on websites that offer it because when an identity-specific action is required on top of entering your password and username, it becomes significantly harder for fraudsters to access your information.
  2. Secure your phone. Avoiding public Wi-Fi and installing a screen lock are simple steps that can hinder hackers. Some fraudsters have begun to immediately discount secure phones altogether. Installing anti-malware can also be beneficial.
  3. Subscribe to alerts. A number of institutions that provide financial services, credit card issuers included, offer customers the chance to be notified when they detect suspicious activity. Turn those notifications on to stay informed about credit card activity linked to your account.
  4. Be careful when issuing transactions online. Again, some institutions offer notifications to help with this, which will alert you when your card is used online. It might also be helpful to institute limits on amounts that can be spent with your card online. 



Read more at DailyMail.co.uk